Message374314
I do not think it is a security issue. The crash cannot be triggered by the user input unless you accept the pickle data from untrusted sources, but in that case you are in large danger, because you allow executing arbitrary code.
The changes in this issue just help to debug in some cases when you play with pickle format. In any case thank you for your report. |
|
Date |
User |
Action |
Args |
2020-07-26 14:19:49 | serhiy.storchaka | set | recipients:
+ serhiy.storchaka, belopolsky, christian.heimes, ned.deily, lukasz.langa, p-ganssle, miss-islington, Iman Sharafaldin |
2020-07-26 14:19:49 | serhiy.storchaka | set | messageid: <1595773189.08.0.0426520500882.issue41288@roundup.psfhosted.org> |
2020-07-26 14:19:49 | serhiy.storchaka | link | issue41288 messages |
2020-07-26 14:19:49 | serhiy.storchaka | create | |
|